[PATCH 1/3] ima: keep the integrity state of open files up to date

Janne Karhunen janne.karhunen at gmail.com
Tue Sep 10 07:04:53 UTC 2019


On Tue, Sep 10, 2019 at 12:39 AM Eric Biggers <ebiggers at kernel.org> wrote:
> > Core file operations (open, close, sync, msync, truncate) are
> > now allowed to update the measurement immediately. In order
> > to maintain sufficient write performance for writes, add a
> > latency tunable delayed work workqueue for computing the
> > measurements.
>
> This still doesn't make it crash-safe.  So why is it okay?

If Android is the load, this makes it crash safe 99% of the time and
that is considerably better than 0% of the time.

That said, we now have a patch draft forming up that pushes the update
to the ext4 journal. With this patch on top we should reach the
magical 100% given a data=journal mount. One step at a time.


--
Janne


